Campaign Studio provides the Sign and Encrypt feature to support sending digitally-signed emails through Secure/Multipurpose Internet Mail Extensions (S/MIME).
In S/MIME, the signing process helps the email recipient to ensure that the email sender is authentic.
S/MIME requires an email client that can use keys and certificates. It also requires exchange of public keys for which you must take support from your IT team.
Configuring the Sign and Encrypt feature
Prerequisites
Before you start configuring the Sign and Encrypt feature in Campaign Studio, you must:
Configure a sender domain in Campaign Factory and validate it.
Configure Mail Send Settings to add details for the fields specific to your Campaign Studio instance.
Configure Mail Send Settings to add details for the fields specific to your email transport.
Important
You cannot use API services to send signed emails.
You might experience a reduction in the speed of sending emails when using an SMTP service.
Get the S/MIME feature enabled for your Campaign Studio instance by creating a support ticket.
Configuration checklist
Use the following checklist to configure the Sign and Encrypt feature in Campaign Studio:
Verifying the permissions to access S/MIME certificates
After the feature is enabled, Campaign Studio makes the S/MIME Certificates - User has access to permissions available. To verify these permissions:
Log in to Campaign Studio.
Click Settings > Roles.
On the Roles page, click +New.
On the Roles - New Role page, click the Permissions tab.
Click Custom Object Permissions and verify that the S/MIME Certificates - User has access to permissions are available.
Verifying the custom object to manage S/MIME certificates
After the feature is enabled, Campaign Studio also creates a custom object to help you manage S/MIME certificates for email addresses.
To verify the custom object:
Log in to Campaign Studio.
In the left navigation pane, expand Custom Objects.
Verify that the S/MIME Certificates custom object is available.
Creating the S/MIME certificate for an email address
In addition to the custom object, Campaign Studio creates an associated custom item. You can configure the custom item to create the S/MIME certificate for the FROM email address that must send signed emails.
You can also create the S/MIME certificate for any FROM email address.
In the left navigation pane, expand Custom Objects and select S/MIME Certificates.
On the S/MIME Certificates page, click +New.
Campaign Studio displays the New S/MIME Certificate page.
In Name, enter the email address that you want to configure as the FROM email address for sending signed emails from Campaign Studio.
In Public Key (.crt), enter the public key in the certificate issued by your Certificate Authority.
In Private Key (.pem), enter the private key issued by your Certificate Authority.
Note
Once the Private Key field is saved, it is encrypted and the text area is replaced with an encrypted string so that it is neither visible in the UI nor accessible in the plaintext format in the file on the disk.
Click Save & Close.
Repeat these steps to create the S/MIME certificate for each FROM email address that must send signed emails from Campaign Studio.
If the certificate is invalid, Campaign Studio displays a notification and sets the Published toggle bar to No. To make the certificate valid, you must edit the certificate, correct its public and private keys, and click Save & Close. After you make the certificate valid, the custom item can be published and the certificate can be used for sending.
Important
If you delete the custom item, the certificate is also deleted.
If you change the custom item email address, the certificate for the original email address is also deleted.
If the certificate does not exist for the sender email address, the email is sent without signing.
Testing the S/MIME certificates
To test the S/MIME certificates:
Send a test email from different email addresses in Campaign Studio.
In the test email sent from an email address that has the S/MIME certificate configured, verify that:
The certificate is trusted in the from information.
The Sender’s Digital Signature is present.
Email header is signed.